Is the assumption that google is going to store, then attempt to decrypt the data at some point in the future? Or is the claim that google's services are less secure than Apple's would be? If not, then I'm not sure that this is worse at all. Sure, if you believe google to be actually malicious, then this would be a problem, but I don't think there's a reasonable argument to say that google would go to this length of maliciousness.
Well, I don't assume either really but I guess GP does. I find it unlikely to the extreme that Google would ever want to scan this content or even less so that they would go to lengths to decrypt it first. But saying that all is lost if the files can't be protected by encryption is a strawman as the data is unreachable by Google if hosted elsewhere.
Google -is- a malicious and exploitative surveillance capitalism company preying on people that don't feel like they have a choice.
Inch by inch "don't be evil" has been replaced with "maximize profit".
I have no doubt that if in 20 years decrypting "historical" Apple user data for "training purposes" is legal and will make Google leadership more money, they will pressure ethically flexible engineers to do it for them.
Assume anything profitable that is legally defensible somewhere in the world will be done by every surveillance capitalism company at some point.
Well, you may be right, but then if you are, I’m not sure you can justify leaving your data with Apple either, which is a public company that has the same underlying market incentives. In fact, if that’s what I believed, I doubt I would put any of my data anywhere, and rather just go live in the woods, or more likely, just give up and stop caring. I’m not convinced that Apple will be any more or less malicious than google is/was/will be when considering a 20 year time frame.
No it isn’t, wether Apple stores its data in a contract data center or one it owns doesn’t change the fact that if you don’t believe encryption is effective then it’s a lost cause to worry about the privacy of your data.
I mean if modern encryption proves broken, the world has quite a bit larger problems than open access to the videos you took of that 2017 summer holiday to Tahiti or the password vault containing your keys to log into HN and your Target account.
Of course there is no guarantee: AES256 could be broken tomorrow, or maybe it has already been. What we know is that, extrapolating compute speed from the past decades and even assuming quantum computers become useable in practice, the best algorithms we currently have cannot be brute-forced within the next 50 years.
> AES256 could be broken tomorrow, or maybe it has already been.
This is extremely unlikely.
> What we know is that, extrapolating compute speed from the past decades and even assuming quantum computers become useable in practice, the best algorithms we currently have cannot be brute-forced within the next 50 years.
Quantum computers only offer a quadratic speedup against symmetric ciphers.
AES 256 will survive much longer than the next 50 years against brute force attacks.
It will either be broken spectacularly, using theoretical methods entirely inconceivable today, or live on – brute force is of no concern at all due to the amounts of energy and matter required to perform it against 256 bit keys.
AES-256 was broken in 2011.[1] While only four times faster than brute force and thus not a practical attack, it suggests that compromise is possible. The Snowden documents indicated that the NSA was working on breaking AES-256. It seems unlikely they would waste effort on a task they considered impossible. Whatever they achieve will be achievable by others eventually.
On top of that, no implementation is perfect. Bugs are discovered in cryptographic APIs on a regular basis. Even if your API is perfect, the application calling the API can have bugs that allow compromise.
>>AES 256 will survive much longer than the next 50 years against brute force attacks.
From what I understand it simply can't be broken by brute force because simply iterating through every possible value of a 256 bit key would require more energy than there is in the universe, and that's without actually trying any of the combinations, just simply having a computer do a i++ through all possible values.
I'm not sure if quantum computing helps here in any way , someone else would need to chime in here with details.
> iterating through every possible value of a 256 bit key
It's my understanding that when encryption gets "broken", it usually refers to something other than a simple brute force attack. Like, something that would make it so you don't need to run as many iterations or whatever.
I assume this because a brute force attack is something that is always possible from day 1, whereas an encryption scheme being broken is something that happens some time afterwards.
My understanding is that encryption is "broken" any time it becomes feasible for someone to decrypt your data without the key. Brute force attacks are always hypothetically possible, but the encryption isn't broken unless such an attack is feasible.
As a counter-example, DES would count as "unbroken" under your definition. The EFF built a machine in 1998 for under $250,000 that could crack a DES key in under 24 hours. I don't know what that would cost today, but I wouldn't be surprised if a couple GPUs could get you the same thing today.
The difference is whether such an attack has even a vanishing chance of succeeding. For AES, the hardware just isn't anywhere close to that. Afaik, there isn't anything that could even hypothetically threaten to make brute force attacks on AES feasible on the table today.
I think you're mixing "weak" and "broken". Out of interest I looked at the Known attacks section of wikipedias AES article and it says as the first sentence "For cryptographers, a cryptographic "break" is anything faster than a brute-force attack".
DES is both weak and broken, but it could be either without the other.
> I'm not sure if quantum computing helps here in any way
Theoretically a quantum computer can brute-force AES-256 using 2^128 sequential steps using Grover's algorithm (i.e. a quadratic advantage over a classical computer). Parallelization diminishes the advantage, e.g. if you're limited to 2^64 sequential steps, you get a 2^64 speedup over classical, for a cost of 2^192 which is still ridiculously large.
Thus quantum computing is not a relevant threat for AES-256 or most other 256-bit symmetric crypto.
The current academic consensus is that AES-256 is quantum resistant, as even with Grover's algorithm the attack would still require 2^128 bits of work. Generally symmetric encryption schemes are impacted to a much lesser extent than public key cryptosystems, with larger key sizes sufficing to ensure quantum resistance. I'd be quite surprised if Apple weren't using AES-256 already.
A minimum of AES-128, which could mean 100% AES-128 or 1% AES-128 from old iOS devices that haven't been updated in years. And even AES-128 would require doing a 2^64 exhaust on a quantum computer, which would be quite a remarkable feat.
Quantum cryptography is much less convenient than conventional asymmetric cryptography and offers few benefits. Doesn't stop people from trying to sell it though...
And for the "encrypted data at rest" scenario we're talking about here, where symmetric encryption suffices, quantum crypto makes no sense what-so-ever.
> Unless you have encryption that is guaranteed to never be obsolete it ALWAYS matters where you store the data.
Well, while there is truth to that, it isn't the whole story. There is a time value to all information that must be factored in. If nothing else, think of one overbroad* classification example: Battle plans, SECRET; Intelligence; TOP SECRET.
* By which I mean there are subtleties and exceptions too numerous to go into here, but the example remains largely illustrative.
The higher the classification, the higher the long term time value, the greater robustness required in one's controls.
In this case, information about/for large numbers of private individuals, today's strong enough symmetric encryption may be strong enough for quite some time.
Or it might not be. I'd love to see a detailed risk assessment....
It does seem likely that Google will pay to store every bit of encrypted customer data that is currently stored forever because potentially decades from now it could be cracked and they could access all that amazing ancient private information.
It still puzzles me that people just can't understand the the huge chasm between storing and using peoples data from their own products and stealing data from other companies thats stored on your systems in the hope that one day it can be decrypted and used to improve ads.
Google is a huge company, the idea that it would set out to do something that everyone involved in would know is directly breaking the law (rather than doing something thats a grey area, or they know is legal but 'unethical' or could become a PR issue, or destroy trust in them and destroy their product) is fairly unbelievable.
This comes up again and again with stories about Google and (particularly) AWS cloud computing. I hope for better on HN!
I mean, there’s these posts on Hacker News claiming to be from former AWS employees saying they stole customer data to launch competing services: https://news.ycombinator.com/item?id=23929959
Maybe the first story is fake and the second is real… but they both point to a “win at all costs” company culture where policies might be violated, even if it threatens trust in the platform and a PR problem when exposed.
But those cases are very different too (I’m not trying to defend what they did). Talking to a startup then copying their product is douchy but not illegal. Using Amazon.com sales data is like looking at the public “top products in electronics” and selling your own version of the top sellers - I imagine all large retailers do something similar when deciding what products to make own versions of.
Hacking computers, networks, or services of your competitors, even when running in you data center is just bad business.
> from former AWS employees saying they stole customer data to launch competing services
You're reading that a lot differently than I am.
The quoted post says:
>AWS proactively looked at traction of products hosted on its platform, built competing products, and then scraped & targeted customer list of those hosted products
None of that reads, to me, as them having had to use confidential data to do any of these things.
You can identify many organisations that are running on AWS without knowing anything about AWS accounts - blog posts, IP space, public code, social media comments from staff, linkedin and all sorts of other places will often reveal that.
Scraping/finding customer lists can be done using research, too. I've spoken to Account Manager-types at places and they've often used various tools that scrape other public resources to identify customers of competing services.
Swap out company names, and it's effectively what I've seen from a bunch of companies, without it delving into anything unethical.
> It still puzzles me that people just can't understand the the huge chasm between storing and using peoples data from their own products and stealing data from other companies thats stored on your systems in the hope that one day it can be decrypted and used to improve ads.
Data is still data.
> Google is a huge company, the idea that it would set out to do something that everyone involved in would know is directly breaking the law (rather than doing something thats a grey area, or they know is legal but 'unethical' or could become a PR issue, or destroy trust in them and destroy their product) is fairly unbelievable.
They do this in Europe by not complying with GDPR. ( and they are not the only one)
> This comes up again and again with stories about Google and (particularly) AWS cloud computing. I hope for better on HN!
This sentiment seems so weird to me. Can you point to a single enterprise offering where Google is collecting data and using it themselves? Or where it would even make sense to do so? Corporate customers pay a lot more per byte than the fleeting value of private data so Google has a strong incentive to never ever touch that data.
Peter's comment comes off as satire to me. A joke about how absurd it would be for google to store 8 exabytes of data for decades because it might one day be useful.
Because it might one day be useful for.. targeting ads? I can almost see the abuse potential, the ads "I know what you did the summer of 1997" will turn us all into mind controlled consumer drones. (those of us who are old enough)
I don't think that is really the point that was being made. As you say the practical chances of google storing this data for x years, then committing corporate suicide by decrypting it is are miniscule (and presumably apple agrees).
The point is that there are layers of security, and by moving the data outside of their physical control apple has given up one of those layers of security.
I'm not sure why people are are thinking in such a limited fashion. Google is effectively holding onto the data for the US government or whoever else has the capability to access all that data in the future. This is the kind of stuff authoritarian governments dream about. And I'm not saying Google is doing it intentionally, just that they're holding onto the data at all and at some point there will be somebody who will make use of that data.
If that is the argument, does it matter whether it is Apple or Google who is holding the physical data? Apple and Google are both based in the US and beholden to the US government, so from the government's perspective it's just a change of address when they send out a warrant.
It doesn't. I'm not sure why you think I think there's a difference. Any corporation that stores our data long-term is a threat to our privacy and our rights.
> does it matter whether it is Apple or Google who is holding the physical data?
It might matter, yes. A company run by a guy like Eric Schmidt is a lot more likely to play nice with the US government when it comes to privacy compared to a company run by a guy like Cook, who from the outside seems obsessed with user-privacy (as long as China isn't directly involved).
Of course, just wanted to say that not two big US companies are the same, it highly depends on who leads them. The powers that be that decided that a guy like Schmidt was fit to run a company like Google could do that again.
I mean google is full of employees who threatened to walk out when their employer wanted government defense contracts. Pretty sure google would get a ton of internal pushback if a team wanted to do what you describe.
Google employs the same standard issue tech person you see here on HN.
